BankerFox.A/nuquel win32

Post by greengillbill on Tue Dec 15, 2009 5:11 am

First off, thanks so much for this site. It is a great community service to everyone in the computer community. Second, please be patient with me as I am a novice at this sort of thing.

With that being said, I contracted this virus off of Facebook. Originally, the computer had repeated pop-ups and such. I removed the hard drive and placed it in a case so it could be cleaned remotely by another computer; that did not work. I re-installed the drive and it seemed to help some. The pop-ups quit and the computer ran a little better. Now the computer is really slow and does not function very well. I cannot start the machine in safe mode. I managed to get McAfee installed, but it states that not all of the program was installed and to try again. I also tried some of the other free spyware programs, but it seemed as if the computer would not let them download. The computer also freezes up now and then, and the machine seems to run a lot more than it used to. I hope this info helps. If you need more or have questions, please do not hesitate to ask.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:36:41 PM, on 12/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\1215355462\ee\AOLSoftware.exe
C:\Program Files\HP Wireless Multimedia Keyboard and Mouse\KMaestro.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\System32\regscan.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\~nsu.tmp\Au_.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\nsn5A2.tmp\ns5A3.tmp
C:\Program Files\Mozilla Firefox\firefox.exe
F:\Downloads\winlogon.scr

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [You must be registered and logged in to see this link.]
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.227 winwarepro.microsoft.com
O1 - Hosts: 91.212.127.227 winwarepro.com
O1 - Hosts: 91.212.127.227 [You must be registered and logged in to see this link.]
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1215355462\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [BtcMaestro] "C:\Program Files\HP Wireless Multimedia Keyboard and Mouse\KMaestro.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Regscan] C:\WINDOWS\System32\regscan.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\PROGRA~1\AOL9~1.1\AOL.EXE" -b
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: AutorunsDisabled
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &ieSpell Options - [You must be registered and logged in to see this link.] Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &Search - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: Check &Spelling - [You must be registered and logged in to see this link.] Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Lookup on Merriam Webster - [You must be registered and logged in to see this link.] Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - [You must be registered and logged in to see this link.] Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - [You must be registered and logged in to see this link.]
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - [You must be registered and logged in to see this link.]
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 13988 bytes


Re: BankerFox.A/nuquel win32

Post by Dr Jay on Wed Dec 16, 2009 2:05 pm

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].

Double-click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Dr. Jay (DJ)



Re: BankerFox.A/nuquel win32

Post by greengillbill on Fri Dec 18, 2009 4:56 am

Malwarebytes' Anti-Malware 1.42
Database version: 3289
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/16/2009 9:39:52 PM
mbam-log-2009-12-16 (21-39-52).txt

Scan type: Full Scan (C:\|D:\|F:\|)
Objects scanned: 261616
Time elapsed: 3 hour(s), 43 minute(s), 53 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 155
Registry Values Infected: 7
Registry Data Items Infected: 3
Folders Infected: 19
Files Infected: 80

Memory Processes Infected:
C:\WINDOWS\system32\regscan.exe (Trojan.Downloader) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Typelib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-f3embed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AvScan (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\regscan (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3popularscreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\aux (Trojan.JSRedir.H) -> Bad: (C:\WINDOWS\system32\..\iwpkcg.swp) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysproc64 (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\iwpkcg.swp (Trojan.JSRedir.H) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images\0AFF166A.urr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\AvatarSmallBtn-new.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn-new.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History\search2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\regscan.exe (Trojan.Downloader) -> Quarantined and deleted successfully.


Re: BankerFox.A/nuquel win32

Post by Dr Jay on Fri Dec 18, 2009 10:04 am

Download [You must be registered and logged in to see this link.]

  • Load SuperAntiSpyware and click the Check for updates button.
  • Once the update is finished click the Scan your computer button.
  • Check Perform Complete Scan and then next.
  • SuperAntiSpyware will now scan your computer and when it's finished it will list all the infections it has found.
  • Make sure that they all have a check next to them and press next.
  • Click finish and you will be taken back to the main interface.
  • Click Preferences and then click the statistics/logs tab. Click the dated log and press view log and a text file will appear.
  • Copy and paste the log onto the forum.


Dr. Jay (DJ)



Re: BankerFox.A/nuquel win32

Post by greengillbill on Fri Dec 18, 2009 8:21 pm

SUPERAntiSpyware Scan Log

Generated 12/18/2009 at 10:55 AM

Application Version : 4.32.1000

Core Rules Database Version : 4386
Trace Rules Database Version: 2223

Scan type : Complete Scan
Total Scan Time : 02:06:43

Memory items scanned : 492
Memory threats detected : 0
Registry items scanned : 7173
Registry threats detected : 1
File items scanned : 32597
File threats detected : 198

Adware.Tracking Cookie
C:\WINDOWS\system32\config\systemprofile\Cookies\system@ad.yieldmanager[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@content.yieldmanager[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@zedo[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@clickthrough.kanoodle[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@homestore.122.2o7[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@d.mediaforceads[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@ads.addynamix[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@collective-media[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@doubleclick[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@tracking.realtor[1].txt

Adware.MyWebSearch/FunWebProducts
HKU\S-1-5-21-2473695328-4155993587-3481024747-1003\SOFTWARE\FunWebProducts

greengillbill
Novice

Posts : 6
Joined : 2009-12-15
OS : xp
Points : 25528
# Likes : 0

Re: BankerFox.A/nuquel win32

Post by Dr Jay on Fri Dec 18, 2009 10:36 pm

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.

==

Please download the latest version of Kaspersky GetSystemInfo (GSI) from [You must be registered and logged in to see this link.] and save it to your Desktop.
Please close all other applications running on your system.

Please double click GetSystemInfo.exe to open it.

Click the Settings button.

Set it to Maximum.

IMPORTANT! Then please click Customize - choose Driver / Ports tab and uncheck Scan Ports.

Click Create Report to run it.

It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop. Please upload the folder to [You must be registered and logged in to see this link.] and click the Submit button.

Please copy and paste the URL of the GSI Parser report (not the log) in your next reply.


Dr. Jay (DJ)


Dr Jay
Administrator

Posts : 13706
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro
Points : 144830
# Likes : 10

Re: BankerFox.A/nuquel win32

Post by greengillbill on Sat Dec 19, 2009 4:38 am

[You must be registered and logged in to see this link.]
Anti-Malware 1.42
Database version: 3391
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/18/2009 7:58:53 PM
mbam-log-2009-12-18 (19-58-53).txt

Scan type: Quick Scan
Objects scanned: 137554
Time elapsed: 39 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: BankerFox.A/nuquel win32

Post by Dr Jay on Sat Dec 19, 2009 6:25 am

Please download ComboFix from [You must be registered and logged in to see this link.]

Rename ComboFix.exe to commy.exe before you save it to your Desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start>Run, then copy and paste the following command into the Run box and click OK: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


Dr. Jay (DJ)



Re: BankerFox.A/nuquel win32

Post by greengillbill on Sat Dec 19, 2009 5:16 pm

ComboFix 09-12-18.03 - Owner 12/19/2009 9:35.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.732 [GMT -7:00]
Running from: f:\downloads\KittyFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\Local Settings\Temporary Internet Files\Tvm.log
C:\LOG.TXT
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\system32\iAlmcoin.dll
c:\windows\system32\ntnet.drv
c:\windows\system32\ps2.bat
c:\windows\system32\twain.dll
D:\Autorun.inf

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((( Files Created from 2009-11-19 to 2009-12-19 )))))))))))))))))))))))))))))))
.

2009-12-18 15:43 . 2009-12-18 15:43 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-12-18 15:41 . 2009-12-18 15:41 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2009-12-17 05:28 . 2009-12-17 05:28 -------- d-----w- c:\documents and settings\Owner\Application Data\McAfee
2009-12-17 00:47 . 2009-12-17 00:47 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-12-17 00:47 . 2009-12-17 00:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-06 21:11 . 2009-12-06 21:11 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-19 16:56 . 2009-12-18 15:44 52224 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2009-12-18 15:43 . 2009-12-18 15:43 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-18 15:41 . 2009-12-18 15:41 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-18 15:40 . 2009-12-18 15:40 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-18 00:35 . 2009-11-10 04:55 -------- d-----w- c:\program files\McAfee
2009-12-17 07:51 . 2009-11-08 00:07 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-12-17 05:16 . 2009-11-10 04:55 -------- d-----w- c:\program files\Common Files\McAfee
2009-12-17 00:47 . 2009-12-17 00:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-09 03:55 . 2008-04-18 21:53 3530 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2008\qbbackup.sys
2009-12-03 23:14 . 2009-12-17 00:47 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 23:13 . 2009-12-17 00:47 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-17 04:42 . 2003-08-29 03:19 -------- d-----w- c:\documents and settings\Owner\Application Data\interMute
2009-11-13 06:47 . 2009-11-13 06:47 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-11-13 05:07 . 2009-11-13 05:07 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor
2009-11-13 04:57 . 2009-11-13 04:56 -------- d-----w- c:\program files\McAfee.com
2009-11-13 04:38 . 2009-11-10 05:09 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-13 04:36 . 2009-11-10 05:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-09 04:32 . 2004-01-20 03:29 -------- d-----w- c:\program files\MSN Messenger
2009-11-09 03:50 . 2005-11-15 16:47 -------- d-----w- c:\program files\AOL Toolbar
2009-11-08 04:07 . 2009-11-08 04:07 4129799 ----a-w- C:\stinger1001624.exe
2009-11-08 03:59 . 2009-11-08 03:59 -------- d-----w- c:\documents and settings\Owner\Application Data\AVG8
2009-11-08 03:58 . 2009-11-08 03:59 891048 ----a-w- C:\avg_free_stb_all_9_39_cnet.exe
2009-10-29 18:52 . 2008-04-20 13:36 849184 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2008\Components\DownloadQB18\Patch\qbpatch.exe
2009-10-29 07:45 . 2003-09-18 06:10 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2008-04-18 03:34 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2008-04-18 03:30 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2008-04-18 03:30 265728 ------w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2003-09-18 06:08 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2003-09-18 06:08 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2003-09-18 06:08 79872 ----a-w- c:\windows\system32\raschap.dll
2009-09-30 19:11 . 2009-12-18 00:18 288096 ----a-r- c:\documents and settings\Owner\Application Data\McAfee\Supportability\MVTLogs\Results\detect.dll
2008-05-19 01:46 . 2008-05-19 01:46 4890632 -c--a-w- c:\program files\NapsterPlugin3205.exe
2007-12-17 02:06 . 2007-12-17 02:06 21321008 -c--a-w- c:\program files\QuickTimeInstaller.exe
2005-11-05 17:09 . 2005-11-05 17:09 0 -csha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BackupNotify"="c:\program files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe" [2003-06-23 24576]
"NVIEW"="nview.dll" [2003-05-03 835654]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"MoneyAgent"="c:\program files\Microsoft Money\System\mnyexpr.exe" [2002-07-18 200767]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-24 143360]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-11-06 4347120]
"AOL Fast Start"="c:\progra~1\AOL9~1.1\AOL.EXE" [2008-06-03 50528]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-12-16 2002160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784]
"CamMonitor"="c:\program files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe" [2002-10-07 90112]
"HPHUPD05"="c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-23 49152]
"StorageGuard"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 155648]
"AutoTKit"="c:\hp\bin\AUTOTKIT.EXE" [2003-06-19 53248]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-05-03 4640768]
"nwiz"="nwiz.exe" [2003-05-03 323584]
"mmtask"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2003-02-25 53248]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"wcmdmgr"="c:\windows\wt\updater\wcmdmgrl.exe" [2002-09-27 20480]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]
"HostManager"="c:\program files\Common Files\AOL\1215355462\ee\AOLSoftware.exe" [2008-06-24 41824]
"BtcMaestro"="c:\program files\HP Wireless Multimedia Keyboard and Mouse\KMaestro.exe" [2007-10-23 344064]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
AutoTBar.exe [2003-6-18 53248]
mod_sm.lnk - c:\hp\bin\cloaker.exe [1999-11-7 27136]

c:\documents and settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2003-6-13 233472]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 21:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
2003-02-21 10:50 40960 ----a-w- c:\program files\Softex\OmniPass\OPXPGina.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MySoftware NewsFlash.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\MySoftware NewsFlash.lnk
backup=c:\windows\pss\MySoftware NewsFlash.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=c:\windows\pss\Updates from HP.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 22:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1215355462\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12/16/2009 4:26 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/16/2009 4:26 PM 74480]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/16/2009 4:27 PM 7408]
S2 mrtRate;mrtRate; [x]
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: &Search
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: Lookup on Merriam Webster - [You must be registered and logged in to see this link.] files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - [You must be registered and logged in to see this link.] files\ieSpell\wikipedia.HTM
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: ritchiebros.com\www
Trusted Zone: turbotax.com
DPF: DirectAnimation Java Classes - [You must be registered and logged in to see this link.]
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\greengillbill@isp.com\
FF - prefs.js: browser.search.selectedEngine - AOL Search
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - plugin: c:\program files\Java\j2re1.4.1_02\bin\NPJava11.dll
FF - plugin: c:\program files\Java\j2re1.4.1_02\bin\NPJava12.dll
FF - plugin: c:\program files\Java\j2re1.4.1_02\bin\NPJava13.dll
FF - plugin: c:\program files\Java\j2re1.4.1_02\bin\NPJava32.dll
FF - plugin: c:\program files\Java\j2re1.4.1_02\bin\NPJPI141_02.dll
FF - plugin: c:\program files\Java\j2re1.4.1_02\bin\NPOJI610.dll
FF - plugin: c:\program files\McAfee\Supportability\MVT\NPMVTPlugin.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Uniblue RegistryBooster 2 - c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe
SafeBoot-MCODS
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-SpySweeper - c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe
AddRemove-HijackThis - f:\downloads\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-12-19 09:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(516)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\program files\Softex\OmniPass\opxpgina.dll

- - - - - - - > 'explorer.exe'(2940)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
c:\program files\Common Files\Ahead\Lib\BCGCBPRO800u.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\program files\Softex\OmniPass\Omniserv.exe
c:\windows\System32\HPZipm12.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\windows\wanmpsvc.exe
c:\program files\Softex\OmniPass\OPXPApp.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\program files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
c:\windows\wt\updater\wcmdmgr.exe
c:\progra~1\AOL9~1.1\waol.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\progra~1\AOL9~1.1\shellmon.exe
.
**************************************************************************
.
Completion time: 2009-12-19 10:12:47 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-19 17:12

Pre-Run: 8,791,400,448 bytes free
Post-Run: 10,099,765,248 bytes free

- - End Of File - - BF2F58D09DEA0B32F3C59C9AC91E7264


Re: BankerFox.A/nuquel win32

Post by Dr Jay on Sun Dec 20, 2009 10:01 am

Please perform a scan with [You must be registered and logged in to see this link.].

  • Before starting your scan, disable antivirus or antispyware software.
  • Read the "Advantages - Requirements and Limitations" then press the ACCEPT... button.
  • You will be prompted to install an application from Kaspersky. Click the Run button. It will start downloading and installing the scanner and virus definitions.
  • When the downloads have finished, you should see 'Database is updated. Ready to scan'. Click on the SETTINGS... button.
  • Make sure these boxes are checked. By default, they should be. If not, please check them and click on the SAVE... button afterwards:

    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases:

  • Click on My Computer under the Scan section. OK any warnings from your protection programs.
  • The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
  • Once the scan is complete (the 'status' will show complete), click on View Scan Report and any infected objects will be shown.
  • Click on Save Report As... and change the Files of type to Text file (.txt)
  • Name the file KAVScan_ddmmyy (day, month, year) before clicking on the Save button and save it to your Desktop.
  • Copy and paste the contents of that file in your next reply.

*Note: This scan will not remove any detected file threats but it will show where they are located so they can be cleaned with other tools. Some online scanners will detect existing anti-virus software and they may interfere or stop the scan. If that occurs, disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.


Dr. Jay (DJ)



Re: BankerFox.A/nuquel win32

Post by greengillbill on Mon Dec 21, 2009 12:34 am

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, December 20, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, December 20, 2009 19:53:31
Records in database: 3393267
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan statistics:
Objects scanned: 127119
Threats found: 3
Infected objects found: 4
Suspicious objects found: 0
Scan duration: 04:36:21


File name / Threat / Threats count
C:\Documents and Settings\Owner\.jpi_cache\jar\1.0\sdfg.jar-280bfa68-6a64f79f.zip Infected: Trojan-Downloader.Java.OpenStream.ad 1
C:\Program Files\AOL Toolbar\AOLToolbarSetup.exe Infected: not-a-virus:AdWare.Win32.SearchIt.t 1
C:\Program Files\Common Files\aolback\Comps\toolbar\toolbr.exe Infected: not-a-virus:AdWare.Win32.SearchIt.t 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\atapi.sys.vir Infected: Rootkit.Win32.TDSS.y 1

Selected area has been scanned.


Re: BankerFox.A/nuquel win32

Post by Dr Jay on Mon Dec 21, 2009 9:13 am

Please download the latest version of Kaspersky GetSystemInfo (GSI) from [You must be registered and logged in to see this link.] and save it to your Desktop.
Please close all other applications running on your system.

Please double click GetSystemInfo.exe to open it.

Click the Settings button.



Set it to Maximum



IMPORTANT! Then please click Customize - choose Driver / Ports tab and uncheck Scan Ports.


Click Create Report to run it.

It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop. Please upload the folder to [You must be registered and logged in to see this link.] and click the Submit button.

Please copy and paste the url of the GSI Parser report (not the log) in your next reply.


Dr. Jay (DJ)

